https://telecominfraproject.atlassian.net/browse/WIFI-10392

Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
2025-10-29 17:52:28 +00:00 · 2023-01-25 16:39:00 -08:00
parent b54a914c0d
commit d5e0687ade
5 changed files with 8 additions and 8 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-4
+6
--- a/src/ProvWebSocketClient.cpp
+++ b/src/ProvWebSocketClient.cpp
@@ -23,7 +23,7 @@ namespace OpenWifi {
    void ProvWebSocketClient::ws_command_serial_number_search(const Poco::JSON::Object::Ptr &O,
                                                              bool &Done, std::string &Answer) {
        Done = false;
-        auto Prefix = O->get("serial_prefix").toString();
+        auto Prefix = ORM::Escape(O->get("serial_prefix").toString());
        Poco::toLowerInPlace(Prefix);
        Logger().information(Poco::format("serial_number_search: %s", Prefix));
        if (!Prefix.empty() && Prefix.length() < 13) {
@@ -58,7 +58,7 @@ namespace OpenWifi {

    void ProvWebSocketClient::ws_command_subuser_search( const Poco::JSON::Object::Ptr &O, bool &Done, std::string &Answer) {
        Done = false;
-        auto operatorId = O->get("operatorId").toString();
+        auto operatorId = ORM::Escape(O->get("operatorId").toString());
        std::string nameSearch, emailSearch;
        OpenWifi::RESTAPIHandler::AssignIfPresent(O,"nameSearch",nameSearch);
        OpenWifi::RESTAPIHandler::AssignIfPresent(O,"emailSearch",emailSearch);
--- a/src/RESTAPI/RESTAPI_inventory_list_handler.cpp
+++ b/src/RESTAPI/RESTAPI_inventory_list_handler.cpp
@@ -104,7 +104,7 @@ namespace OpenWifi{
        } else if (HasParameter("subscriber",Arg) && !Arg.empty()) {
            // looking for device(s) for a specific subscriber...
            ProvObjects::InventoryTagVec Tags;
-            DB_.GetRecords(0,100,Tags," subscriber='" + Arg + "'");
+            DB_.GetRecords(0,100,Tags," subscriber='" + ORM::Escape(Arg) + "'");
            if(SerialOnly) {
                std::vector<std::string>    SerialNumbers;
                std::transform(cbegin(Tags), cend(Tags), std::back_inserter(SerialNumbers), [](const auto &T) { return T.serialNumber; });
--- a/src/RESTAPI/RESTAPI_signup_handler.cpp
+++ b/src/RESTAPI/RESTAPI_signup_handler.cpp
@@ -194,9 +194,9 @@ namespace OpenWifi {
    }

    void RESTAPI_signup_handler::DoGet() {
-        auto EMail = GetParameter("email");
+        auto EMail = ORM::Escape(GetParameter("email"));
        auto SignupUUID = GetParameter("signupUUID");
-        auto macAddress = GetParameter("macAddress");
+        auto macAddress = ORM::Escape(GetParameter("macAddress"));
        auto List = GetBoolParameter("listOnly",false);

        poco_information(Logger(),fmt::format("Looking for signup for {}",EMail));
--- a/src/RESTAPI/RESTAPI_sub_devices_list_handler.cpp
+++ b/src/RESTAPI/RESTAPI_sub_devices_list_handler.cpp
@@ -9,8 +9,8 @@
 namespace OpenWifi {

    void RESTAPI_sub_devices_list_handler::DoGet() {
-        auto operatorId=GetParameter("operatorId");
-        auto subscriberId=GetParameter("subscriberId");
+        auto operatorId=ORM::Escape(GetParameter("operatorId"));
+        auto subscriberId=ORM::Escape(GetParameter("subscriberId"));

        if(!operatorId.empty() && !StorageService()->OperatorDB().Exists("id",operatorId)) {
            return BadRequest(RESTAPI::Errors::OperatorIdMustExist);